tomcat-users mailing list archives

From Brian Bonner <bkbon...@gmail.com>
Subject Fwd: Authenticating with LDAP against multiple organizational units
Date Mon, 17 Oct 2005 15:37:13 GMT
I forgot to add.

If I use only a single organizational unit and specify this in the
user base, it works OK.

i.e.


<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://ldapdc.thf.net:389"
       userBase="ou=THFUsers,dc=thf,dc=net"
       userSearch="(cn={0})"
       userRoleName="memberOf"
       roleBase="cn=Users,dc=thf,dc=net"
       roleSearch="(member={0})"
       roleName="cn"
       connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
       connectionPassword="sample"
       roleSubtree="true"
/>

The role (StaffBoard) is located in cn=Users,dc=thf,dc=net.

Thanks,

Brian

---------- Forwarded message ----------
From: Brian Bonner <brian.bonner@paraware.com>
Date: Oct 17, 2005 11:27 AM
Subject: Authenticating with LDAP against multiple organizational units
To: users@tomcat.apache.org


We're having a problem authenticating with Tomcat 5.5.9 against
multiple organizational units.  Our LDAP server is Active Directory.

Here's our current setup:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
       connectionURL="ldap://ldapdc.thf.net:389"
       userBase="dc=thf,dc=net"
       userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
       userSearch="(cn={0})"
       userSubTree="true"
       userRoleName="memberOf"
       roleBase="cn=Users,dc=thf,dc=net"
       roleSearch="(member={0})"
       roleName="cn"
       connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
       connectionPassword="sample"
       roleSubtree="true"
/>

When we search using these criteria, we see the following in the log:

CA 2005-10-17 11:16:31,283 Thread-1           DEBUG
org.apache.catalina.realm.RealmBase  - Register Realm
Catalina:type=Realm
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
org.apache.catalina.realm.RealmBase  -   Checking constraint
'SecurityConstraint[Secured Pages]' against GET /secured/test.html -->
true
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
org.apache.catalina.realm.RealmBase  -   Checking constraint
'SecurityConstraint[Secured Pages]' against GET /secured/test.html -->
true
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
org.apache.catalina.realm.RealmBase  -   User data constraint has no
restrictions


However, instead, I'm prompted with the authentication form and asked
for my userid/password.

Can someone suggest what I might be doing wrong in this configuration,
or how I can enable additional logging to tell me what is failing?

Thanks.
